Initial add of pgadmin to nidus systems

This is to allow Ben to do his own delving into the data we have

modules/system/default.nix

@@ -19,6 +19,8 @@
 		./minio.nix
 		./nidus-sync.nix
 		./openssh.nix
+		./pi.nix
+		./pgadmin.nix
 		./podman.nix
 		./qgis.nix
 		./restic

modules/system/pgadmin.nix

@@ -0,0 +1,44 @@
+{ config, configFiles, lib, pkgs, ... }:
+with lib;
+
+let
+	cfg = config.myModules.pgadmin;
+	group = "root";
+	port = 10100;
+	user = "root";
+in {
+	options.myModules.pgadmin = {
+		domainName = mkOption {
+			example = "staging-pgadmin.nidus.cloud";
+			type = types.str;
+		};
+		enable = mkEnableOption "custom pgadmin configuration";
+	};
+
+	config = mkIf config.myModules.pgadmin.enable {
+		services.caddy.virtualHosts."${cfg.domainName}" = {
+			extraConfig = ''
+				reverse_proxy {
+					to http://127.0.0.1:${toString port}
+					header_up X-Forwarded-Proto "https"
+				}
+				header / Access-Control-Allow-Origin *
+			'';
+		};
+		services.pgadmin = {
+			enable = true;
+			initialEmail = "eli@gleipnir.technology";
+			initialPasswordFile = "/var/run/secrets/pgadmin.yaml";
+			port = port;
+		};
+		sops.secrets."pgadmin-initial-password-file" = {
+			format = "yaml";
+			group = "${group}";
+			key = "initial-password";
+			mode = "0440";
+			owner = "${user}";
+			#restartUnits = ["${nidusNameWebserver}.service"];
+			sopsFile = ../../secrets/pgadmin.yaml;
+		};
+	};
+}